[kernel] r15560 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Apr 27 05:40:05 UTC 2010 

Author: dannf
Date: Tue Apr 27 05:40:01 2010
New Revision: 15560

Log:
tty: release_one_tty() forgets to put pids (CVE-2010-1162)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tty-release_one_tty-forgets-to-put-pids.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/21lenny5

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Tue Apr 27 05:38:06 2010	(r15559)
+++ dists/lenny-security/linux-2.6/debian/changelog	Tue Apr 27 05:40:01 2010	(r15560)
@@ -8,6 +8,7 @@
     by an invalid Payload Pointer (CVE-2010-1086)
   * NFS: Fix an Oops when truncating a file (CVE-2010-1087)
   * fix LOOKUP_FOLLOW on automount "symlinks" (CVE-2010-1088)
+  * tty: release_one_tty() forgets to put pids (CVE-2010-1162)
 
   [ Ben Hutchings ]
   * [x86] KVM: disable paravirt mmu reporting (Closes: #573071) (regressed

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tty-release_one_tty-forgets-to-put-pids.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/tty-release_one_tty-forgets-to-put-pids.patch	Tue Apr 27 05:40:01 2010	(r15560)
@@ -0,0 +1,29 @@
+commit b5662617959ef558e1130a250a88f9f189cb1bae
+Author: Oleg Nesterov <oleg at redhat.com>
+Date:   Fri Apr 2 18:05:12 2010 +0200
+
+    tty: release_one_tty() forgets to put pids
+    
+    release_one_tty(tty) can be called when tty still has a reference
+    to pgrp/session. In this case we leak the pid.
+    
+    Signed-off-by: Oleg Nesterov <oleg at redhat.com>
+    Reported-by: Catalin Marinas <catalin.marinas at arm.com>
+    Reported-and-tested-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
+    Acked-by: Linus Torvalds <torvalds at linux-foundation.org>
+    Acked-by: Eric W. Biederman <ebiederm at xmission.com>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/drivers/char/tty_io.c b/drivers/char/tty_io.c
+index a51374e..60b691e 100644
+--- a/drivers/char/tty_io.c
++++ b/drivers/char/tty_io.c
+@@ -2342,6 +2342,8 @@ static void release_one_tty(struct tty_struct *tty, int idx)
+ 	list_del_init(&tty->tty_files);
+ 	file_list_unlock();
+ 
++	put_pid(tty->pgrp);
++	put_pid(tty->session);
+ 	free_tty_struct(tty);
+ }
+ 

Modified: dists/lenny-security/linux-2.6/debian/patches/series/21lenny5
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/21lenny5	Tue Apr 27 05:38:06 2010	(r15559)
+++ dists/lenny-security/linux-2.6/debian/patches/series/21lenny5	Tue Apr 27 05:40:01 2010	(r15560)
@@ -8,3 +8,4 @@
 + bugfix/all/dvb-core-fix-dos-in-ule-decapsulation.patch
 + bugfix/all/nfs-fix-an-oops-when-truncating-a-file.patch
 + bugfix/all/fix-LOOKUP_FOLLOW-on-automount-symlinks.patch
++ bugfix/all/tty-release_one_tty-forgets-to-put-pids.patch

More information about the Kernel-svn-changes mailing list